18 matches found
Do You Really Trust Your Web Application Supply Chain?
Well, you shouldn't. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep the...
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
The Russia-linked APT29 aka Cozy Bear threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT...
New Malware Used by SolarWinds Attackers Went Undetected for Years
The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent...
Nobelium Phishing Campaign Poses as USAID
The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities. Microsoft Threat Intelligence Center MSTIC...
2021. The age of the super vulnerability?
I don’t know about you, but to me it seems that every week we are seeing another vulnerability that not only grants significant access to the vulnerable system but also more widely internally. This last week we have seen the latest round of Microsoft Exchange vulnerabilities. The April 2021 updat...
Threat Advisory: NSA SVR Advisory Coverage
The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services SVR is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and detailed more of the...
Detecting the "Next" SolarWinds-Style Cyber Attack
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, t...
The SolarWinds Body Count Now Includes NASA and the FAA
Plus: Firefox blocks more tracking, how to fight a robodog, and more of the week’s top security news...
Turning the page on Solorigate and opening the next chapter for the security community
The recent SolarWinds attack is a moment of reckoning. Today, as we close our own internal investigation of the incident, we continue to see an urgent opportunity for defenders everywhere to unify and protect the world in a more concerted way. We also see an opportunity for every company to adopt...
SolarWinds Hack and the Case of DNS Security
It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it's the reason I didn't have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after...
SolarWinds Hack and the Case of DNS Security
It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it's the reason I didn't have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after...
Industrial Networks See Sharp Uptick in Hackable Security Holes
It’s on: Adversaries, CISOs and researchers are all simultaneously involved in a frantic race to find cybersecurity vulnerabilities hiding within industrial networks, according to the latest Biannual ICS Risk and Vulnerability report from Claroty. The report analyzed all publicly disclosed...
Addressing the OT-IT Risk and Asset Inventory Gap
Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years, with recent examples including the SolarWinds attack, which was attributed to nation-state actors with alleged Russian ties. There are suspicions that sensitive information has be...
North Korea Targets Security Researchers in Elaborate 0-Day Campaign
Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them — and then infects their organizations’ systems with custom backdoor malware. That’s according to Google’s Threat Analysis Group TAG, which...
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that allows remote attackers to infect...
FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack
The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. "This work indicates that an Advanced Persistent Threat APT actor, likely Russian in origin, is responsible for most ...
Solorigate Resource Center – updated February 5, 2021
Alongside our industry partners and the security community, Microsoft continues to investigate the extent of the recent nation-state attack on SolarWinds. Our goal is to provide the latest threat intelligence, Indicators of Compromise IOCs, and guidance across our products and solutions to help t...
A week in security (December 14 – December 20)
Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...